Invalid Result set for authorization query

Question

I have to connect to a third party tool for getting authorization, the tool is called superman which my client uses. Not sure whether this is inhouse or bought. I am using Spring security for authenticating, getting user is done by providing the query externally to JDBC service. When authorization query specific to this tool is executed, I get the following error:

"Authentication event AuthenticationFailureServiceExceptionEvent: liseol; 
details: null; 
exception: PreparedStatementCallback; 
invalid ResultSet access for SQL [SELECT id_fonction_if AS functions 
FROM superman.AUTORISATIONS, superman.INCLUS_FONCTIONS 
WHERE id_grp_de_fonctions_a=id_grp_de_fonctions_if 
AND id_domaine_if =id_domaine_a 
AND id_application_if =id_application_a 
AND id_domaine_a ='SI' 
AND id_application_a ='PAN' 
AND no_emp_a =(select emp_no from sigsi.employes 
where upper(emp_logon)= upper(?))]; 
nested exception is java.sql.SQLException: 
Index de colonne non valide" (Column index is invalid).

Below is my security config file details

</security:global-method-security>

<security:http auto-config="true">
  <security:intercept-url pattern="PanierSIG.html"/>
  <security:intercept-url pattern="/**/*.swf"/>
  <security:intercept-url pattern="/**" />
</security:http>



<security:authentication-manager alias="_authenticationManager">
    <security:authentication-provider>
       <security:password-encoder hash="plaintext"/>
       <security:jdbc-user-service data-source-ref="dataSource"
                        users-by-username-query="select LOGON,PASSWORD,CATALOGUE from sigpan.UTILISATEURS where LOGON = ?" 
                        authorities-by-username-query="SELECT id_fonction_if AS functions
                        FROM superman.AUTORISATIONS, superman.INCLUS_FONCTIONS
                        WHERE id_grp_de_fonctions_a=id_grp_de_fonctions_if
                        AND id_domaine_if          =id_domaine_a
                        AND id_application_if      =id_application_a
                        AND id_domaine_a           ='SI'
                        AND id_application_a       ='PAN'
                        AND no_emp_a =(select emp_no from sigsi.employes where upper(emp_logon)= upper(?))"/>

                        <!--
                        group-authorities-by-username-query="select g.id, g.group_name, ga.authority from groups g, group_members gm, group_authorities ga where gm.username = ? and g.id = ga.group_id and g.id = gm.group_id"
                        -->
    </security:authentication-provider>
</security:authentication-manager>

<!-- Automatically receives AuthenticationEvent messages -->
<bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>

I would like to add that my project is flex java based. Flex 4, Java 5, Spring 3.0.5. Release and Spring Secuirty 3.1.0.M1.

Answer 1

The "Column index is invalid" is comparable to a IndexOutOfBoundsException on a JDDC ResultSet. The spring framework obviously expects your authorities-by-username-query to return more than one column.

I'm not familiar with Spring framework, but in JBOSSAS builtin security, which is based on JAAS and looks very similar to what you are doing above, you would have to add a 'Roles' column.

SELECT id_fonction_if AS functions, 'Roles'
                        FROM superman.AUTORISATIONS, superman.INCLUS_FONCTIONS
                        WHERE id_grp_de_fonctions_a=id_grp_de_fonctions_if
                        AND id_domaine_if          =id_domaine_a
                        AND id_application_if      =id_application_a
                        AND id_domaine_a           ='SI'
                        AND id_application_a       ='PAN'
                        AND no_emp_a =(select emp_no from sigsi.employes where upper(emp_logon)= upper(?))